rlm_sql sql_escape_func

Alan DeKok aland at deployingradius.com
Tue Jan 8 15:40:56 CET 2019


On Jan 8, 2019, at 9:32 AM, Hagen M√ľnch <hmuench at gordiancode.com> wrote:
> 
> 
> I met the problem that if there are string values in a data base that contain single-quotes, the radius_axlat function expands a "foo'bar" to "foo27bar" by using the sql_escape_func of the rlm_sql module.

  That's what the SQL escape function does.

> I solved it by adding
> ...
> Do you think this approach is appropriate and would it be possible to add this single-quote escape case to the v3.x source? Thank you.

  It's not correct.

  You can set "sql_safe_characters" in the SQL configuration.  See raddb/mods-config/sql/main/*/queries.conf for more information.

  Alan DeKok.




More information about the Freeradius-Devel mailing list